Direct mail still works if you avoid common mistakes

We’ve aggregated many of the world’s best growth marketers into one community. Twice a month, we ask them to share their most effective growth tactics, and we compile them into this Growth Report.

This is how you stay up-to-date on growth marketing tactics — with advice that’s hard to find elsewhere.

Our community consists of 1,000 startup founders and VP’s of growth from later-stage companies. We have 400 YC founders, plus senior marketers from companies including Medium, Docker, Invision, Intuit, Pinterest, Discord, Webflow, Lambda School, Perfect Keto, Typeform, Modern Fertility, Segment, Udemy, Puma, Cameo and Ritual .

You can participate in our community by joining Demand Curve’s marketing webinars, Slack group, or marketing training program.

Without further ado, onto our community’s advice.

Advertising in Discord/Telegram communities

Insights from Varun Mathure of Midnite

Discord/Telegram can be a great place to find engaged, niche communities for advertising. However, do not treat it like a typical ad channel. Community marketing is its own art, and there are many principles to doing it effectively. Here are just a few:

  • Treat Discord/Telegram users like you would Reddit users: they’ll reject being advertised to unless there’s legitimate, authentic value being provided.
  • Work with moderators to offer services that make their moderation duties easier. Perhaps a bot or tool that would be legitimately useful to the community while also organically pitching your startup.
  • Have a well-respected community member vouch for you — it goes a long way toward building trust with the rest of the community. Always start by building relationships.
  • Have a member of your team active in the community. Don’t just advertise; contribute regularly.
  • Run promos/incentives that encourage members to post your product screenshots or share your product output in the community. In other words, incentivize a frictionless way for community members to become your brand ambassadors.

Landing page tear-downs [Video]

Watch us critique landing pages. In the process, you’ll learn how to improve your own.

Most common direct mail mistakes

Uber reports a sharp rise in government demands for user data

Uber says the number of legal demands for riders’ data made by U.S. and Canadian authorities has risen sharply in the past year.

The ride-hailing company said the number of law enforcement demands for user data during 2018 are up 27% on the year earlier, according to its annual transparency report published Wednesday. Uber said the rise in demands was partly due to its business growing in size, but also a “rising interest” from governments to access data on its customers.

Uber said it received 3,825 demands for 21,913 user accounts from the U.S. government, with the company turning over some data in 72% of cases, during 2018.

That’s up from 2,940 demands for 17,181 user accounts a year earlier, with a slightly higher compliance rate of 73%.

Canadian authorities submitted 161 demands for data on 593 user accounts during 2018.

Uber said that the rise in demands for customer data presents a challenge for the ride-hailing company, previously valued at $82 billion, which went public in May. “Our responsibility to preserve consumer privacy while meeting regulatory and public safety obligations will become increasingly complex and challenging as we field a growing number of government requests for data every year,” said Uttara Sivaram, Uber’s global privacy and security public policy chief.

The company also said it disclosed ride information on 34 million users to U.S. regulators and 1.8 million users to Canadian regulators, such as local taxi and transport authorities. Uber said it is mandated to give over the information to regulators as part of the “bespoke legal and regulatory requirements to which we are subject,” which can include pickup and drop-off locations, fares, and other data that may “identify individual riders,” the company said.

Uber isn’t the only company fielding a record number of demands from governments. Apple, Amazon, Facebook, and Twitter have all reported a rise in government demands over the past year as their customer base continues to grow while governments become increasingly hungry for companies’ data.

But Uber’s figures only offer insight into only the largest portions of its businesses — its consumer and business ride-hailing services, food delivery, and electric scooters — and only covers the North America, despite operating in hundreds of cities around the world.

Despite the rise in overall law enforcement requests, Uber said it “has not received a national security request” to date.

Such disclosures are rare but not unheard of. Most national security demands, such as orders issued by the Foreign Intelligence Surveillance Court and FBI-issued subpoenas, are coupled with secrecy rules that prevent the companies from disclosing anything about the demand. By proactive posting these so-called “warrant canary” statements, companies can quietly reveal when they have received such orders by removing the statements from their websites.

Apple famously used a warrant canary in its first transparency report in the wake of the NSA surveillance scandal, as revealed by whistleblower Edward Snowden. In 2016, Reddit quietly removed its warrant canary suggesting it had received a classified order.

Although the First Amendment protects government-compelled speech, the legality of warrant canaries remain legally questionable.

VoltServer adds a data layer to electricity distribution in a move that could help smart grid rollout

Stephen Eaves, the chief executive of a new startup which promises to overlay data on electricity distribution has spent years developing data management technologies.

Eaves’ first company, the eponymous Eaves Devices focused on energy systems in aerospace and defense — they converted the military’s fleet of B2 bombers to use lithium ion batteries.

The second company he was involved in was developing modular array devices to install in central offices and cell towers and conducted early work on electric vehicle development.

His goal, Eaves says, was to “make electricity inherently safe”.

VoltServer is the latest company from Eaves to pursue that goal. Eaves makes transmission safer by breaking electrical distribution into packets and those packets are sent down transmission lines to ensure that are not faults. If there’s a break in the line, the equipment stops transmitting energy.

“We take either AC or DC electricity into a transmitter and the transmitter breaks the electricity into packets and the receiver takes the packets and puts them back together and distributes it as regular AC/DC current,” Eaves explains.

The architecture is akin to a router. There’s digital signal processing in the transmitter powered by a semiconductor that’s a gateway for the electricity. “It’s like the devices you find in solar power converters,” says Eaves.

Already roughly 700 stadiums, large offices, and indoor grow facilities have deployed the company’s technology. And the traction was enough to attract the attention of Alphabet subsidiary, Sidewalk Labs, which led a recent $7.4 million financing into the company. To date, the company has raised $18 million from a clutch of investors including: Marker Hill Capital, Slater Technology Fund, Natural Resources Capital Management, Clean Energy Venture Group, Angel Street Capital and Coniston Capital.  

“We’re kind of a combined hardware and software company,” says Eaves. “[Customers] buy the boxes and the company has third parties that install it.. There are software applications to track energy usage to assign processes for what to do in an outage.”

Typical installations can be anywhere from $30,000 to $1 million and the company is targeting three core markets — intelligent building infrastructure, communications, and indoor agriculture, according to Eaves. In fact, the company’s largest installation is a lettuce farm in Florida. “You’re in a very constrained environment and you want a very safe transmission technology. And we’ve developed a lighting product. It removes a lot of the conversion electronics that would normally be in the growth space,” says Eaves.

The technology certainly slashes the cost for power transmission in a stadium. Traditional power transmission can cost roughly $36 per linear foot, while VoltServer can cut that cost to less than $10 per foot, according to the company.

VoltServer isn’t the only startup that’s looking to add data controls to electricity distribution. Companies like Blueprint PowerBlue Pillar, and monitoring companies like Enertiv and Aquicore are all looking at ways to monitor and manage distribution. At the grid scale, there’s Camus Energy which looks to provide energy “orchestration” services.

“Electricity powers our world, but the fundamental danger inherent in AC or DC electricity makes today’s electrical systems expensive to install or change,” said Sidewalk Labs chairman and chief executive, Dan Doctoroff in a statement. “[This technology] is a breakthrough, offering a less expensive, safer and more efficient way to distribute electricity that can make buildings more affordable and flexible.  Over time, that can make cities more affordable, sustainable, and adaptable as our needs change.”

For some investors in the energy sector, these kinds of distribution and transmission technologies are a critical component of the next generation of grid technologies needed to bring the world closer to 100% renewable transmission.

“What is relevant is internet-connected, controllable energy assets that you can control from some centralized dispatch,” says one investor active in energy investing. 

Two security researchers earned $60,000 for hacking an Amazon Echo

Two security researchers have been crowned the top hackers in this year’s Pwn2Own hacking contest after developing and testing several high profile exploits, including an attack against an Amazon Echo.

Amat Cama and Richard Zhu, who make up Team Fluoroacetate, scored $60,000 in bug bounties for their integer overflow exploit against the latest Amazon Echo Show 5, an Alexa-powered smart display.

The researchers found that the device uses an older version of Chromium, Google’s open-source browser projects, which had been forked some time during its development. The bug allowed them to take “full control” of the device if connected to a malicious Wi-Fi hotspot, said Brian Gorenc, director of Trend Micro’s Zero Day Initiative, which put on the Pwn2Own contest.

The researchers tested their exploits in a radio-frequency shielding enclosure to prevent any outside interference.

“This patch gap was a common factor in many of the IoT devices compromised during the contest,” Gorenc told TechCrunch.

Amat Cama (left) and Richard Zhu (right), who make up Team Fluoroacetate. (Image: ZDI)

An integer overflow bug happens when a mathematical operation tries to create a number but has no space for it in its memory, causing the number to overflow outside of its allotted memory. That can have security implications for the device.

When reached, Amazon said it was “investigating this research and will be taking appropriate steps to protect our devices based on our investigation,” but did not say what measures it would take to fix the vulnerabilities — or when.

The Echo wasn’t the only internet-connected device at the show. Earlier this year the contest said hackers would have an opportunity to hack into a Facebook Portal, the social media giant’s video calling-enabled smart display. The hackers, however, could not exploit the Portal.

Airbnb to ban ‘party houses’ in wake of Halloween shooting that left 5 dead

Airbnb CEO Brian Chesky said Saturday the company will ban “party houses” and take other steps to safeguard hosts and guests after five people died at a Halloween party hosted at California home that was rented on the service.

Chesky made the announcement via a series of tweets Saturday. “What happened on Thursday night in Orinda, CA was horrible,” Chesky wrote. “I feel for the families and neighbors impacted by this tragedy — we are working to support them.”

Chesky then announced that party houses would be banned and that the company is “redoubling” efforts to combat unauthorized parties.

Chesky announced several other measures to increase safety, including the expansion of manual screenings of high-risk reservations flagged by Airbnb’s risk detection technology and creating a dedicated “party house” rapid response team

Margaret Richardson, from Airbnb’s executive team, has been tasked to accelerate the review process to enact these new policies as soon as possible, he added.

 

Contra Costa County Sheriff’s Office said the party had been advertised on social media as a mansion party, the San Francisco Chronicle reported. Police were headed to the home Oct. 31 over noise complaints when the gunfire began around 10:50 p.m. Several people died at the scene. The fifth victim died Friday night.

Slack investor Index Ventures backs Slack competitor Quill

Slack created a new solution for workplace communication, one copied by many, even Microsoft. But the product, which is meant to help individuals and businesses collaborate, has been critiqued for sending too many notifications, with some claiming it’s sabotaged workplace productivity.

Quill, a startup led by Ludwig Pettersson, Stripe’s former creative director and design aficionado, claims to offer “meaningful conversations, without disturbing your team.” The company has raised a $2 million seed round led by Sam Altman with participation from General Catalyst, followed by a $12.5 million Series A at a $62.5 million valuation led by Index Ventures partner and former Slack board observer Sarah Cannon, TechCrunch has learned.

Quill and Cannon declined to comment.

The company, based in San Francisco, has created a no-frills messaging product. Still in beta, Quill plans to encourage fewer, more focused conversations with a heavy emphasis on threads, sources tell TechCrunch . The product is less of a firehose than Slack, says former Y Combinator president Altman, where one can get stuck for extended periods of time filtering through direct messages, threads and channels.

“It’s relentlessly focused on increasing the bandwidth and efficiency of communication,” Altman tells TechCrunch. “The product technically works super well–it surfaces the right information in the feed and it’s pretty intelligent about how it brings the right people into conversations.”

Pettersson previously worked with Altman at his current venture, OpenAI, a research-driven business focused on development that steers artificial intelligence in a “friendlier” direction. Pettersson was a member of the company’s technical staff in 2016 and 2017, creating OpenAI’s initial design.

Index Ventures, for its part, appears to be doubling down on the growing workplace communications software category. The firm first invested in Slack, which completed its highly-anticipated direct listing earlier this year, in 2015. Slack went on to raise hundred millions more, reaching a valuation of over $7 billion in 2018.

Since going public, Slack has struggled to find its footing on the public markets, in large part due to the growing threat of Microsoft Teams, the software giant’s Slack-like product that debuted in 2016. Quickly, Microsoft has gobbled up market share, offering convenient product packages including beloved tools used by most businesses. As of July, Teams had 13 million daily active users and the title of Microsoft’s fastest-growing application in its history. Slack reported 12 million daily active users earlier this month.

Startups like Quill pose a threat to Slack, too. It created the playbook for workplace chat software and proved the massive appetite for such tools; companies are bound to iterate on the model for years to come.

Quill is also backed by OpenAI’s chairman and chief technology officer Greg Brockman and Elad Gil, a former Twitter executive and co-founder of Color Genomics.

Facebook unveils its first foray into personal digital healthcare tools

Nearly a year and a half after the Cambridge Analytica scandal reportedly scuttled Facebook’s fledgling attempts to enter the healthcare market, the social media giant is launching a tool called “Preventive Health” to prompt its users to get regular checkups and connect them to service providers.

The architect of the new service is Dr. Freddy Abnousi, the head of the company’s healthcare research, who was previously linked to an earlier skunkworks initiative that would collect anonymized hospital data and use a technique called “hashing” to match the data to individuals that exist in both data sets — for research, according to CNBC reporting.

Working with the American Cancer Society; the American College of Cardiology; the American Heart Association; and the Centers for Disease Control and Prevention Facebook is developing a series of digital prompts that will encourage users to get a standard battery of tests that’s important to ensure health for populations of a certain age.

The company’s initial focus is on the top two leading causes of death in the U.S.: heart disease and cancer — along with the flu, which affects millions of Americans each year.

“Heart disease is the number one killer of men and women around the world and in many cases it is 100% preventable. By incorporating prevention reminders into platforms people are accessing every day, we’re giving people the tools they need to be proactive about their heart health,” said Dr. Richard Kovacs, the president of the American College of Cardiology, in a statement.

Users who want to access Facebook’s Preventive Health tools can search in the company’s mobile app to find which checkups are recommended by the company’s partner organizations based on the age and gender of a user.

The tool allows Facebookers to mark when the tests are completed, set reminders to schedule future tests and tell people in their social network about the tool.

Facebook will even direct users to resources on where to have the tests. One thing that the company will not do, Facebook assures potential users, is collect the results of any test.

“Health is particularly personal, so we took privacy and safety into account from the beginning. For example, Preventive Health allows you to set reminders for your future checkups and mark them as done, but it doesn’t provide us, or the health organizations we’re working with, access to your actual test results,” the company wrote in a statement. “Personal information about your activity in Preventive Health is not shared with third parties, such as health organizations or insurance companies, so it can’t be used for purposes like insurance eligibility.”

The company said that people can also use the new health tool to find locations that administer flu shots.

“Flu vaccines can have wide-ranging benefits beyond just preventing the disease, such as reducing the risk of hospitalization, preventing serious medical events for some people with chronic diseases, and protecting women during and after pregnancy,” said Dr. Nancy Messonnier, Director, National Center for Immunization and Respiratory Diseases, CDC, in a statement. “New tools like this will empower users with instant access to information and resources they need to become a flu fighter in their own communities.”

Millions downloaded dozens of Android apps on Google Play infected with adware

Security researchers have found dozens of Android apps in the Google Play store serving ads to unsuspecting victims as part of a money-making scheme.

ESET researchers found 42 apps containing adware, which they say have been downloaded over 8 million times since they first debuted in July 2018.

These apps look normal but act sneakily. Once an unsuspecting user installs an adware-infected app, the app will serve full-screen ads on the device’s display at semi-random intervals. Often the apps will delete their shortcut icon, making it more difficult to remove. The adware-infected apps will also mimic Facebook and Google’s apps to avoid suspicion, likely as a way to detract from the actual ad-serving app and to keep the app the device for as long as possible.

In the background, the apps were also sending back data about the user’s device — including if certain apps are installed and if the device allows apps from non-app store sources — which could be used to install more malicious software on a device.

“The adware functionality is the same in all the apps we analyzed,” said Lukas Stefanko, one of ESET’s security researchers.

The researchers also found that the apps would check to see if an affected device was connected to Google’s servers in an effort to prevent detection. If the apps think they are being tested by Google Play’s security mechanisms, which ostensibly keep the app store free from malicious apps, the adware payload will not be triggered.

Some of those apps include Video Downloader Master, which had five million downloads; and Ringtone Maker Pro, SaveInsta and Tank Classic, which had 500,000 downloads each.

The researchers say a Vietnamese college student may be behind the adware campaign.

Google removed all of the offending apps but the researchers warned that many were still available from third-party app stores. A spokesperson confirmed all of the apps have been removed, but the search and mobile giant does not usually comment beyond acknowledging their removal.

Read more:

MediaLab acquires messaging app Kik, expanding its app portfolio

Popular messaging app Kik is, indeed, “here to stay” following an acquisition by the Los Angeles-based multimedia holding company, MediaLab.

It echoes the same message from Kik’s chief executive Tim Livingston last week when he rebuffed earlier reports that the company would shut down amid an ongoing battle with the U.S. Securities and Exchange Commission. Livingston had tweeted that Kik had signed a letter-of-intent with a “great company,” but that it was “not a done deal.”

Now we know the the company: MediaLab. In a post on Kik’s blog on Friday the MediaLab said that it has “finalized an agreement” to acquire Kik Messenger.

Kik is one of those amazing places that brings us back to those early aspirations,” the blog post read. “Whether it be a passion for an obscure manga or your favorite football team, Kik has shown an incredible ability to provide a platform for new friendships to be forged through your mobile phone.”

MediaLab is a holding company that owns several other mobile properties, including anonymous social network Whisper and mixtape app DatPiff. In acquiring Kik, the holding company is expanding its mobile app portfolio.

MediaLab said it has “some ideas” for developing Kik going forwards, including making the app faster and reducing the amount of unwanted messages and spam bots. The company said it will introduce ads “over the coming weeks” in order to “cover our expenses” of running the platform.

Buying the Kik messaging platform adds another social media weapon to the arsenal for MediaLab and its chief executive, Michael Heyward .

Heyward was an early star of the budding Los Angeles startup community with the launch of the anonymous messaging service, Whisper nearly 8 years ago. At the time, the company was one of a clutch of anonymous apps — including Secret and YikYak — that raised tens of millions of dollars to offer online iterations of the confessional journal, the burn book, and the bathroom wall (respectively).

In 2017, TechCrunch reported that Whisper underwent significant layoffs to stave off collapse and put the company on a path to profitability.

At the time Whisper had roughly 20 million monthly active users across its app and website, which the company was looking to monetize through programmatic advertising, rather than brand-sponsored campaigns that had provided some of the company’s revenue in the past. Through widgets, the company had an additional 10 million viewers of its content per-month using various widgets and a reach of around 250 million through Facebook and other social networks on which it published posts.

People familiar with the company said at the time that it was seeing gross revenues of roughly $1 million and was going to hit $12.5 million in revenue for that calendar year. By 2018 that revenue was expected to top $30 million, according to sources at the time.

The flagship Whisper app let people post short bits of anonymous text and images that other folks could like or comment about. Heyward intended it to be a way for people to share more personal and intimate details —  to be a social network for confessions and support rather than harassment.

The idea caught on with investors and Whisper managed to raise $61 million from investors including Sequoia, Lightspeed Venture Partners, and Shasta Ventures . Whisper’s last round was a $36 million Series C back in 2014.

Fast forward to 2018 when Secret had been shut down for three years while YikYak also went bust — selling off its engineering team to Square for around $1 million. Whisper, meanwhile, seemingly set up MediaLab as a holding company for its app and additional assets that Heyward would look to roll up. The company filed registration documents in California in June 2018.

According to the filings, Susan Stone, a partner with the investment firm Sierra Wasatch Capital, is listed as a director for the company.

Heyward did not respond to a request for comment.

Zack Whittaker contributed reporting for this article. 

Mercedes-Benz app glitch exposed car owners’ information to other people’s accounts

Mercedes-Benz car owners have said that the app they used to remotely locate, unlock and start their cars was displaying other people’s account and vehicle information.

TechCrunch spoke to two customers who said the Mercedes-Benz’ connected car app was pulling in information from other accounts and not their own, allowing them to see personal information — including names, locations, phone numbers, and other information — of other vehicle owners.

The apparent security lapse happened late-Friday before the app went offline “due to site maintenance” a few hours later.

It’s not uncommon for modern vehicles these days to come with an accompanying phone app. These apps connect to your car and let you remotely locate them, lock or unlock them, and start or stop the engine. But as cars become internet-connected and hooked up to apps, security flaws have allowed researchers to remotely hijack or track vehicles.

One Seattle-based car owner told TechCrunch that their app pulled in information from several other accounts. He said that both he and a friend, who are both Mercedes owners, had the same car belonging to another customer, in their respective apps but every other account detail was different.

benz app 2

Screenshots of the Mercedes-Benz app showing another person’s vehicle, and exposed data belonging to another car owner. (Image: supplied)

The car owners we spoke to said they were able to see the car’s recent activity, including the locations of where it had recently been, but they were unable to track the real-time location using the app’s feature.

When he contacted Mercedes-Benz, a customer service representative told him to “delete the app” until it was fixed, he said.

The other car owner we spoke to said he opened the app and found it also pulled in someone else’s profile.

“I got in contact with the person who owns the car that was showing up,” he told TechCrunch. “I could see the car was in Los Angeles, where he had been, and he was in fact there,” he added.

He said that he wasn’t sure if the app has exposed his private information to another customer.

“Pretty bad fuck up in my opinion,” he said.

The first customer reported that the “lock and unlock” and the engine “start and stop” features did not work on his app, somewhat limiting the impact of the security lapse. The other customer said they did not attempt to test either feature.

It’s not clear how the security lapse happened or how widespread the problem was. A spokesperson for Daimler, the parent company of Mercedes-Benz, did not respond to a request for comment on Saturday.

According to Google Play’s rankings, more than 100,000 customers have installed the app.

A similar security lapse hit Credit Karma’s mobile app in August. The credit monitoring company admitted that users were inadvertently shown other users’ account information, including details about credit card accounts and balances. But despite disclosing other people’s information, the company denied a data breach.